METHOD AND SYSTEMS FOR PROTECTING SUBSCRIBER
IDENTIFICATION BETWEEN SERVICE AND CONTENT PROVIDERS 

Field of the Invention 

The present invention relates generally to the identification
protection of the subscriber of a distributed network
environment, such as the Internet, and more specifically to a
method and systems for securely and anonymously transferring
subscriber identification between service and content
providers.

Background of the Invention 

The Service Provider (SP) market moves up the value chain 
from pure connectivity services to deliver value-added and 
revenue generating services. The business model of a Service 
Provider which was initially driven by minutes of use is being 
more and more replaced by data traffic, generated by users 
that access external services through an increasing variety of 
devices. In addition to growing their customer bases, service 
providers are now looking to increase the average revenue per 
user to boost revenues. More compelling services such as 
content, commerce, and applications promise higher profit 
margins, improved customer retention, and greater customer
satisfaction. Yet managing and distributing these third-party
content services present significant challenges to service
providers.

At the same time, Content Providers (CP) are quickly 
becoming experts in digitally managing and distributing their
content but still face the challenge of establishing
independent relationships with end users. To successfully
generate revenue through digital content assets, both service
and content providers need a solution that leverages their
complementary strengths while protecting their respective
assets.

In this context, the emerging Web Services technology will
play a key role in the management of the Business to Business
(B2B) relationship between the SPs and CPs. As the Web did for
program-to-user interactions, Web Services will do for
program-to-program interactions. Web Services allow companies
to reduce the cost of doing e-business, to deploy solutions
faster and to open up new opportunities. The key to reaching
this new horizon is a common program-to-program communications
model, built on existing and emerging standards such as HTTP,
Extensible Markup Language (XML), Simple Object Access
Protocol (SOAP), Web Services Description Language (WSDL) and
Universal Description, Discovery and Integration (UDDI). Web
Services allow applications to be integrated more rapidly,
easily and less expensively than ever before. They provide a
unifying programming model so that application integration
inside and outside the enterprise can be done with a common
approach.

In today's market, a Service Provider generally aggregates
content from multiple Content Providers and therefore
multiplies its partnerships with CPs. In order to ease
integration with these different CPs, the SP intends more and
more to delegate some authentication and authorization tasks
to the

These tasks could be done in different ways:

- no authentication process is done by the CP's site
to deliver its content to the SP. However, this business
model does not seem to be very realistic.

- a user registry is available on the CP sites, which
implies that the CPs need to build and maintain their own
subscriber registry. On the one hand, this solution increases
the amount of business process on the CP side and therefore
its cost; on the other hand, either the SP has to deliver
protected or confidential data about the subscribers, which
might not be part of its business policy, or the user has
to be registered on both sides, SP and CP, which might not
be convenient for the end-user.

Summary of the Invention 

Thus, it is a broad object of the invention to remedy the 
shortcomings of the prior art as described here above. 

It is another object of the invention to provide a method
and systems adapted to protect the service provider subscriber
registry.

It is a further object of the invention to provide a
method and systems that spare the content provider from
building and maintaining its own subscriber registry.

It is a further object of the invention to provide a
method and systems adapted to protect user privacy when the
user gets other contents than those provided by its service
provider.

It is still a further object of the invention to provide
a method and systems adapted to spare the subscriber from
enrolling again with every external content provider and from
providing personal and/or sensitive information to a content
provider that may be considered as not trustable.

It is still a further object of the invention to provide
a method and systems adapted to supply a Web Services based
mechanism to allow the content provider to validate subscriber
identity prior to the download of content.

The accomplishment of these and other related objects is
achieved by a method for protecting the identifier of a
subscriber in data transfer between a service provider and a
content provider when said subscriber sends a request to said
service provider to get data belonging to said content
provider, said method comprising the steps of:

- upon reception of said subscriber request by said service
provider:

  - computing an encrypted token using said identifier of
  said subscriber; and,

  - transmitting said subscriber request and said encrypted
  token to said content provider;

- upon reception by said service provider of a certification
request comprising an encrypted token, sent by said
content provider:

  - extracting said encrypted token from said certification
  request;

  - decrypting said extracted encrypted token to determine
  subscriber identifier;

  - checking said determined subscriber identifier; and,

  - transmitting a success or failure indication to said
  content provider in response to said certification
  request;

- upon reception of said data belonging to said content
provider, transmitting said data belonging to said content
provider to said subscriber.

Further advantages of the present invention will become
apparent to the ones skilled in the art upon examination of
the drawings and detailed description. It is intended that any
additional advantages be incorporated herein.

Brief Description of the Drawings 

Figure 1 is an example of a standard distributed network 
environment wherein the method of the invention 
is implemented. 

Figure 2, comprising figures 2a and 2b, illustrates the
algorithm of the method of the invention.

Figure 3 shows an example of the algorithm used to compute
an encrypted token that "anonymizes" user
identifier during data transfer between service and
content providers.

Figure 4 illustrates an example of the algorithm used to 
extract user identifier from an encrypted token 
so that the service provider may certify it. 



Detailed Description of the Preferred Embodiment

According to the invention, the CPs use the SP's user
registry so that the end-user does not have to enroll (or be
enrolled by batch process, for instance) several times with
different CPs in order to be authorized to download content
from their sites, which drastically reduces the cost of
business process on the CP side.

However, since the CPs need to make sure of the subscription
and of the authorization of the end-user requesting a specific
content towards the SP platforms, a user identifier, referred
to as a user Id in the following description, must be
transferred and shared in the communication process between
the CPs and the SPs. For that purpose, the end-user can be
assigned an identification symbol, statically or dynamically.

Static assignment obviously allows the CPs to perform some
statistics and user behavior analysis, such as "The user X
accesses the application on a daily basis between 9:00 and
10:00". Static assignment is easier to handle, but it cannot
prevent user analysis; at least it prevents correlating the
user behavior with the actual user. Dynamic assignment, in
contrast, prevents the application from performing user
analysis, and therefore adds more security to the SP subscriber
registry because it completely ensures end-user privacy by
preventing the content provider from building up statistical
information about subscriber interests. As a consequence, a
preferred embodiment of the invention is based on dynamic
assignment.

The invention provides a scalable and secure solution for
sharing trustable subscriber identification between an SP and
a CP, thus providing the necessary base for a revenue-sharing
business model. The solution is based on the generation of an
anonymous subscriber token that is transmitted with every
request, such as an HTTP request, going to external services
managed by the SP, and on a mechanism, installed and maintained
on the SP side, that allows the CP to validate the subscriber
token prior to the download of valuable content.

The invention consists in a secure method allowing the SP
to deploy a common architecture to integrate any CPs more
rapidly, easily and less expensively than before:

- by sending an encrypted token, preferably a dynamic
encrypted token, with each request going to the CPs that
share a contract with the SP,

- by publishing/providing a Web Service based mechanism
allowing the CP to use this encrypted token sent by
the SP in order to validate, authorize and, for example, in
case of a revenue-sharing business model, bill the end-user
prior to the download of content.

This overall mechanism guarantees 100% privacy of
end-users regarding the CPs, making each request anonymous,
and at the same time allows the SP to control the validity of
user information sent by the CP by using standard key
encryption (symmetric or asymmetric key).

Figure 1 illustrates a typical exchange between an
end-user, an SP and a CP when using the method of the
invention. As shown, an end-user 100 is connected to a service
provider platform 105 that is linked to a content provider
platform 110 through a distributed network environment 115,
such as the Internet. A single content provider is illustrated
for the sake of clarity. In the following description, it is
assumed that the authentication/authorization phase of the
end-user towards the SP has been done.

End-user 100 may access an application of the service 
provider or an external service through a proxy 120, to reach 
a personalized content, e.g. news or weather forecast, 
retrieved by the SP from a CP partner. The service provider 
platform 105 checks in its user registry 125 if the end-user 
100 requesting such a service is "known" and has the
authorization to do it. Some user management session 130 could
be done at this point in the service provider platform 105 to
avoid a user registry access for each subsequent request.

Once the user has been authorized by the SP to access the 
requested external service and before sending the request to 
the content provider platform, the SP generates an encrypted 
token from the user Id retrieved in the SP user registry 125 
(user Id is a symbol that will uniquely identify the end-user
100) using a user anonymization mechanism 135 based on a
standard key encryption algorithm. The algorithm used to
generate an encrypted token is detailed by reference to figure
3. Then, the request is sent to the content provider platform
110, enriched with the encrypted token previously calculated,
that may be stored in the corresponding user session. In such
case, this mechanism will guarantee that the same encrypted 
token will be used for each subsequent request during the same 
session. Obviously, a new encrypted token will be generated 
for another subsequent session of the same user making the 
user "anonymization" dynamic. The encrypted token lifetime is 
exactly the user session lifetime. 

The CP uses a handler 140 and an authentication Web 
Service (WebSCP) 145 provided by the service provider through 
a request, e.g. a SOAP request. The CP has the responsibility 
to transfer the encrypted token as requested by the published 
Web Service interface. The encrypted token could be passed 
directly in the SOAP body or alternatively in a predefined 
SOAP header. The SOAP request could be securely transferred by
using secure SOAP protocols. Before being processed by the Web
Service endpoint, the SOAP request is intercepted by a SOAP
handler 140 whose role is to decrypt the encrypted token using
the appropriate key and to extract the user Id (the algorithm
is described by reference to figure 4). SOAP handler 140
provides a generic mechanism for performing specific
processing of any SOAP messages and acts as a plug-in in a Web
Service runtime environment. The user Id is checked by the 
authentication Web Service 145 using the SP user registry 125. 
Authentication Web Service 145 may also handle additional 
treatments such as the billing in real-time mode of the user. 
The WebSCP 145 sends back the SOAP response to the CP, 
indicating the success or failure of the operation. 

Depending on the response status, the appropriate content 
extracted from the content provider platform storage 150 or an 
error message is sent to the SP application or proxy 120 so as 
to be transmitted to the end-user 100, depending upon the CP
response.

Figure 2a illustrates the algorithm of the invention to
implement the method described above. When a user has
established a connection with the SP to which he has
subscribed, he may send a request to obtain particular data
(step 200). The SP verifies the rights of the user (step 205)
by looking at the user registry 125. If the user does not have
the rights required for obtaining the data he has asked for,
he is forewarned and may send another request. Otherwise, if he
has the rights, the user Id is encrypted to "anonymize" his
identifier, using the algorithm described by reference to
figure 3, producing an encrypted token (step 210). The
encrypted token is preferably such that, even if it may be
preserved during a particular session, a new one is computed
at each session, e.g. at each connection. If the encrypted
token is preserved during a session, it is stored in a session
memory 130 of the SP. Then, the SP forwards the user request to
the corresponding CP with the associated encrypted token (step
215). When a CP receives a request with an associated encrypted
token, it verifies the user Id by sending a certification
request to the SP from which it received the user request
(step 220). The certification request may comprise an
instruction for billing the user according to the requested
data if the user Id is certified (step 225). If the SP does
not certify the user Id, the user request is abandoned.
Otherwise, if the SP certifies the user Id, the CP transmits
the requested data to the SP (step 230). At this stage, the CP
may also send a request to the SP, different from the
certification request, to charge the user an amount
corresponding to the user request (step 225). Such a billing
request, comprising the encrypted token, may be sent at any
time by the CP. Obviously, the billing operation is done only
after user authentication, using the described mechanism. When
received, the requested data are formatted by the SP to be
personalized, as needed by the user (step 235), prior to being
transmitted to the user (step 240), who may send another
request.

Figure 2b details the mechanism used to handle the
content provider certification request, i.e. the step
consisting in verifying the encrypted token (step 220). When
the content provider receives a request comprising an encrypted
token, a SOAP certification request is sent back to the
service provider with the encrypted token (step 245). The
encrypted token could be passed directly in the SOAP body or
in a predefined SOAP header. Upon reception, the service
provider extracts the encrypted token from the SOAP
certification request (step 250) and decrypts this encrypted
token (step 255) in the SOAP handler. The decrypted token that
should represent the identifier of a subscriber having sent a
request is checked using the user registry 125 (not
represented) to determine whether or not it represents a
connected subscriber having sent a request (step 260). Then, a
success or failure indication is sent back to the content
provider in a SOAP response (step 265).

As described above, extraction (step 250) and decryption
(step 255) of the encrypted token are performed by handler 140
while certification (step 260) and other tasks such as billing
are performed by authentication Web Service 145, which
transmits back the response (step 265) or, if required, an
acknowledgement.

Turning now to figure 3, an example is shown of the
algorithm used to generate dynamically an encrypted token,
i.e. the step consisting in anonymizing the user Id (step 210).
After having determined a separator, referred to as S, and a
variable T that, in this example, corresponds to the time
expressed in number of milliseconds from the standard base
time known as the epoch, namely January 1, 1970, 00:00:00 GMT,
the user Id is concatenated with variable T in a string, such
that user Id and T are separated by separator S (step 300).
Then, the string is encrypted according to a standard
symmetric or asymmetric encryption algorithm (step 305) to
produce the encrypted token. Note that variable T may be any
time-varying value. Thus, for a particular user, the
encrypted token could be different at each connection,
preventing the CP from making any statistics based on the
encrypted token.

Figure 4 illustrates an example of the algorithm used to
decrypt the encrypted token to extract the user Id, i.e. the
step consisting in decrypting the extracted encrypted token
(step 255). Upon reception of the encrypted token, it is
decrypted using the decryption algorithm corresponding to the
encryption algorithm used to produce the encrypted token (step
400). Since the decryption process is done by the SP, the
encryption/decryption algorithm may be either symmetric or
asymmetric, and no key has to be transmitted through the
network. When the encrypted token has been decrypted, the user
Id is easily retrieved by using the separator S (step 405) so
that the SP may check whether or not the user Id belongs to
the user registry.
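
The token computation of figure 3 (steps 300 and 305) and the extraction and check of figure 4 and step 260, as an added Go example that is not part of the patent text. AES-GCM, the separator value "|", the base64 transport encoding and the `sessions` map (standing in for user registry 125 and session memory 130) are assumptions of this example; an authenticated mode is used so that a token altered outside the SP fails to decrypt, and a token from an earlier session is refused.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

const sep = "|" // separator S (assumed value); user Ids must never contain it

// SP holds the service provider's secret key, which never leaves the SP.
type SP struct{ aead cipher.AEAD }

func NewSP(key []byte) (*SP, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &SP{aead}, err
}

// NewToken covers steps 300 and 305: concatenate user Id, S and T, then encrypt.
// AES-GCM is this example's choice of algorithm, not one named by the text.
func (s *SP) NewToken(userID string, tMillis int64) (string, error) {
	if strings.Contains(userID, sep) {
		return "", errors.New("user Id contains the separator")
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain := []byte(userID + sep + strconv.FormatInt(tMillis, 10))
	return base64.RawURLEncoding.EncodeToString(s.aead.Seal(nonce, nonce, plain, nil)), nil
}

// OpenToken covers steps 400 and 405: decrypt, then split on S.
func (s *SP) OpenToken(token string) (string, int64, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	n := s.aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", 0, errors.New("malformed token")
	}
	plain, err := s.aead.Open(nil, raw[:n], raw[n:], nil)
	if err != nil {
		return "", 0, err // wrong key or token modified in transit
	}
	userID, ts, ok := strings.Cut(string(plain), sep)
	if !ok {
		return "", 0, errors.New("separator missing")
	}
	t, err := strconv.ParseInt(ts, 10, 64)
	return userID, t, err
}

// Certify is step 260. sessions maps a connected user Id to the token issued
// for the live session, so a token outlives neither its session nor its user.
func (s *SP) Certify(token string, sessions map[string]string) bool {
	userID, _, err := s.OpenToken(token)
	return err == nil && sessions[userID] == token
}

func main() {
	sp, _ := NewSP(make([]byte, 32)) // constructed all-zero demo key
	tok, _ := sp.NewToken("alice", time.Now().UnixMilli())
	fmt.Println(tok, sp.Certify(tok, map[string]string{"alice": tok}))
}
```
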

Thus, the method of the invention provides:

- user identity key generation that guarantees the
privacy of the user from a CP standpoint (the CP is unable
to identify the user or to generate useful statistical
information with it) and uniqueness from the SP standpoint
(the SP is able from this key to retrieve the real identity
of the user),

- use of a Web Service technology to publish and
provide a service to validate the user identity key, as
well as potential additional functions such as billing.

Naturally, in order to satisfy local and specific
requirements, a person skilled in the art may apply to the
solution described above many modifications and alterations
all of which, however, are included within the scope of
protection of the invention as defined by the following
claims.

Claims:

1. A method for protecting the identifier of a subscriber in
data transfer between a service provider and a content provider
when said subscriber sends a request to said service provider
to get data belonging to said content provider (200), said
method comprising the steps of:

- upon reception of said subscriber request by said service
provider:

  - computing an encrypted token using said identifier of
  said subscriber (210); and,

  - transmitting said subscriber request and said encrypted
  token to said content provider (215);

- upon reception by said service provider of a certification
request comprising an encrypted token, sent by said
content provider:

  - extracting said encrypted token from said certification
  request (250);

  - decrypting said extracted encrypted token to determine
  subscriber identifier (255);

  - checking said determined subscriber identifier (260);
  and,

  - transmitting a success or failure indication to said
  content provider in response to said certification request
  (265);

- upon reception of said data belonging to said content
provider, transmitting said data belonging to said content
provider to said subscriber (240).

2. The method of claim 1 that further comprises the step of
verifying the rights of said subscriber (205), wherein said
steps of computing an encrypted token and transmitting said
subscriber request and said encrypted token to said content
provider are done only if said subscriber holds corresponding
rights.

3. The method of either claim 1 or claim 2 that further
comprises the step of memorizing said encrypted token so that
it could be reused without the need to be re-computed.

4. The method of anyone of claims 1 to 3 further comprising
the step of charging said subscriber if said determined
subscriber identifier is certified (225).

5. The method of anyone of claims 1 to 4 further comprising
the step of formatting said data belonging to said content
provider (235).

6. The method of anyone of claims 1 to 5 wherein said step
of computing an encrypted token using the identifier of said
subscriber consists in:

- concatenating said identifier of said subscriber with a
random or time varying value using a separator (300); and,

- encrypting said concatenation using either a symmetric or
an asymmetric encryption algorithm (305).

7. The method of anyone of claims 1 to 6 wherein said
certification request is a SOAP request.

8. The method of anyone of claims 1 to 7 implemented using
web service technology.

9. An apparatus comprising means adapted for carrying out
the method according to anyone of the claims 2 to 8.

10. A computer-like readable medium comprising instructions
for carrying out the method according to anyone of the claims
2 to 8.




Abstract 

A method and systems for protecting the identification of
a subscriber when a service provider transmits a subscriber
request to a content provider in a distributed network
environment, such as the Internet, is disclosed. After the user
sends a request (200) to the service provider to which he has
subscribed, the service provider encrypts the user identifier
(210) before transmitting this request with the encrypted user
identifier to the content provider (215). Upon reception, the
content provider uses an authentication Web Service supplied
by the service provider that certifies or not the user
identifier (220). If the user identifier is certified, the
content provider transmits the requested content to the service
provider that formats it (235) before sending it to the user
(240). The content provider may charge the user through the
service provider (225).